That appears to be the case. DNN is an ASP.NET application and PHP should not be present. Perhaps you can restore from a recent backup and then make it a priority to upgrade to the latest version of DNN (9.13.3) while removing Telerik if you haven't done so already.

With these scenarios the best approach for me its to restore from a clean backup, it'll take too much time to manually search the files injected into your website and you might never find them all. Restore and upgrate to the latest version in order to erradicate this problem from happening again. 

Unfortunately, depending on what/how it was done, there could be any number of ways to "clean" things up. You should take the site offline and go through your backups and run scans on everything. If this is done, the bad actor could potentially have a copy of everything, have direct access to the server(s), etc.

Thank you all, I have dnn 9.2.2  I did not upgrade because I did not know if Ventrian Articles module (installed one ) will working properly with the latest dnn.
Do you know if it has been any security issiu like this within 9.2.2?

 

You'd need to upgrade to at least 9.11, I believe.  However, upgrading may not even work, or it may not get rid of the hack.  You'll need to perform some analysis of all of the files and prior backups to determine what was done.  And, as long as you have logging enabled, you'll want to go through the logs to help you determine when/how the hack occurred.  

Please know that due to the nature of hacks in general, and our community's heightened focus and awareness of security, there's only so much we'll be able to publicly discuss in the forums.  No one wants to leave a "how to" trail of instructions.  

Thanks for the quick unswer and I understand your point of view about the security diskussion. I will try to install a clean copy of the uplication and move the articles, it will take some time though :)

If you are looking for a fairly quick solution, you could use EasyDNNnews for your articles moving forward. There is an import module for Ventrian and it works like a charm. This is a commercial module, but the cost is pretty low for a single site instance.

Posted By zozani on 3/10/2024 1:27 PM

Thank you all, I have dnn 9.2.2  I did not upgrade because I did not know if Ventrian Articles module (installed one ) will working properly with the latest dnn.
Do you know if it has been any security issiu like this within 9.2.2?

 

You can check disclosed security issues for any given version here: https://dnncommunity.org/security